Page MenuHomePhabricator
Create Task
Maniphest T84962

Authn and authz as a service
Closed, DuplicatePublic
Actions

Description

We need to provide Authz/Authn as a service. The primary consumers will be MediaWiki and other standalone services in the Wikimedia infrastructure and third party applications making use of Wikimedia sites.

There's two of major steps here

  1. Finalize T380: RfC: SOA Authentication. This needs to take into account the larger question of "how do we inject services into MediaWiki core in a reusable way?" and "how do we handle legacy hooks in such services?"
  2. Implement services based on RFC - authn first and authz second.

Stuff like OpenID and Captchas are out of scope here. A number of OAuth fixes would be in scope. Improved 2FA could follow very soon after this.

Related Objects
Search...

StatusSubtypeAssignedTask
 DuplicateNoneT84962 Authn and authz as a service
 Declined GWickeT380 RfC: SOA Authentication
 ResolvedAnomieT88010 Action API modules to support Restbase

Event Timeline

demon created this task.Dec 19 2014, 1:44 AM
demon raised the priority of this task from to Needs Triage.
demon updated the task description. (Show Details)
demon added projects: MediaWiki-Core-Team, Epic.
demon changed Security from none to None.
demon added a subtask: T380: RfC: SOA Authentication.
demon subscribed.
bd808 subscribed.Dec 24 2014, 5:24 PM

I think we should consider issues like T19312: Separate UserLogin from authentication process; create account creation and identification internal API to be in scope for this project. It seems reasonable to me that we will need to refactor/rethink the authn/authz stack inside MediaWiki in order to make it possible to use an external service if that is where the project ends up going.

Parent5446 subscribed.Jan 2 2015, 8:25 PM
GWicke added projects: Services, Service-Architecture.Jan 8 2015, 1:34 AM
GWicke mentioned this in T87486: Services roadmap Jan-March 2015.Jan 24 2015, 12:52 AM
mobrovac subscribed.Jan 25 2015, 9:58 AM
mobrovac mentioned this in T76165: Handle revision deletion and suppression in RESTBase.Jan 25 2015, 10:01 AM
mobrovac added a comment.Jan 30 2015, 11:45 PM

The notes from the meeting are here on the subject are here: http://etherpad.wikimedia.org/p/SOAAuth

mobrovac added a subtask: T88010: Action API modules to support Restbase.Jan 30 2015, 11:46 PM
Anomie closed subtask T88010: Action API modules to support Restbase as Resolved.Feb 20 2015, 1:28 PM
bd808 removed a project: MediaWiki-Core-Team.Apr 8 2015, 10:44 PM
demon unsubscribed.Aug 19 2015, 3:37 PM
mobrovac mentioned this in T113117: RESTBase wrongly refusing to serve revision text if username is hidden.Sep 21 2015, 1:33 PM
mobrovac mentioned this in T122077: Define schema for a User-block event.Apr 19 2016, 11:55 PM
GWicke closed this task as a duplicate of T120484: Create password-authentication service for use by CentralAuth.Oct 12 2016, 9:00 PM
GWicke closed subtask T380: RfC: SOA Authentication as Declined.Apr 19 2017, 11:14 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL